It's very much a use-case and risk driven decision. A company should be using Teleport, which is a lot more than just certificates (but they do use certs). For your personal VPS or GitHub account, nobody is going to go out of their way to get your SSH keys.
The biggest "you're doing it wrong" I see is people who disable host key verification because their servers' IPs change constantly. Do you want MITM?! Because this is how you get MITM! Might as well use Telnet for connections.